Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

A guide for open source software (OSS) security

By Aaron Linskens on August 28, 2023 secure software supply chain

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains

Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

Read More...

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems

Read More...

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain

Read More...

Supply chain security inside and out

By Michael Prescott on April 26, 2023 secure software supply chain

3 minute read time

Every organization needs to safeguard their SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.

Read More...

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.

Read More...

Sonatype Repository Firewall is an easy solution for a big problem

By Audra Davis-Hurst on April 03, 2023 secure software supply chain

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

Read More...

Top 8 malicious attacks recently found on PyPI

By Sonatype Developer Relations on March 16, 2023 vulnerabilities

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.

Read More...

Malware Monthly - January 2023

By Sonatype Developer Relations on February 10, 2023 vulnerabilities

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.

Read More...

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

A guide for open source software (OSS) security

Enhancing software supply chain security: New Sonatype product capabilities

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

A closer look: Differentiating software vulnerabilities and malware

Supply chain security inside and out

Protecting software developers from malware with AI/ML insights

Sonatype Repository Firewall is an easy solution for a big problem

Top 8 malicious attacks recently found on PyPI

Malware Monthly - January 2023

Secure your software supply chain

Subscribe for all the latest software security news and events